Catch this episode on Apple, Spotify, Amazon, or YouTube.
Key Takeaways
Audit independence is fundamental to maintaining the integrity and authenticity of audit reports
The challenge of scale in enterprise vendor assessment - large organizations struggle to thoroughly validate thousands of vendors' compliance status
Money exchanging hands between audit firms and vendors is problematic for independence
Some organizations create packages that set standard rates, which can be seen as a form of price fixing
The industry faces challenges with audit firms developing sales-focused approaches while trying to maintain independence
In the world of GRC, auditor independence is critical to ensuring that documents, attestations, and certifications maintain the value they were designed for. This week, we continue our conversation about the role compliance plays today and how it has been somewhat degraded due to multiple factors (including market demand). We are joined by Kevin Kriebel, VP of BizDev at Drata, who provides his unvarnished perspective on what role organizations like Drata play in this ecosystem.
Understanding Auditor Independence
The discussion revolved around why auditor independence is vital. Troy explained how independence safeguards the integrity of audits by preventing conflicts of interest. He noted that while absolute independence is challenging, it’s critical to reduce potential biases to maintain trust in audit reports.
Kevin questioned whether governing bodies are effectively enforcing these standards, and Troy responded by highlighting the fragmented regulatory enforcement across states, revealing gaps in oversight, particularly within the SOC 2 space.
As the conversation deepened, Kevin presented the challenges faced by companies like Drata when dealing with audit firms that may not meet their standards. He expressed the difficulties in navigating partnerships with audit firms while ensuring client confidence in audit results.
Troy posed a provocative question regarding the influence of referral relationships on audit firm independence, pondering if heavy reliance on a small number of platforms might impair judgment.
The Role of Education and Market Dynamics
The trio agreed that education is central to addressing many issues within the GRC space. Kevin emphasized the need for better customer education to bridge knowledge gaps. This, he argued, would help prevent the spread of misinformation and protect businesses from falling prey to substandard auditing practices.
Kevin also pointed out the capitalist nature of our economy, suggesting that market demands, not government intervention, ultimately dictate audit standards. Enterprises could step up by setting stricter compliance expectations for their vendors.
Bundling and Price Fixing Concerns
The discussion also touched on the controversial topics of bundling and price influencing among vendors and audit firms. Kevin insisted that transparency is key, stressing that Drata maintains pricing integrity without resorting to bundled services, as that could obscure costs and hurt customer trust.
The Path Forward: Enterprise Responsibility
Kevin argued that real change must arise from enterprise clients who can demand higher compliance standards. By pushing back against low-quality audits, they could instigate significant improvements across the industry.
In closing, Kevin appealed to the audit community to actively engage in dialogue and provide feedback, and said that organizations like Drata need to be part of a collaborative solution for improving GRC standards.
This discussion wasn’t just about identifying problems; it was a call for unity and action within the auditing and compliance sectors. Bringing these issues to light ensures that integrity and transparency remain at the forefront of the GRC dialogue. Whether you're an auditor, a compliance officer, or a business leader, the insights shared encourage reflection on how you can contribute to elevating industry standards.